How to troubleshoot slow network issues

Troubleshoot slow network problems with network traffic analysis

One of the vaguest issues to land on any Network Administrator's desk is users complaining that the network is slow. In most cases, the network is not to blame; instead, the user is experiencing issues with a slow application or website. However, more often than not it is the responsibility of Network Administrators to troubleshoot slow network issues and prove that it is not the network.

The first thing you will need is a data source, so you can find out what is happening on your network. You can use technologies such as flow analysis or packet capture. For my example, I am going to use packet capture as it provides the greatest detail; you just need to ensure you set it up in the right places on the network. Check out my earlier post which looks at ways to monitor network traffic and pick the most important points to focus on.

We develop a network traffic monitoring tool called LANGuardian. It can report on real-time and historical network use. This is important when it comes to troubleshooting slow network issues. You need to be able to compare what is happening when the network is running slow versus what was happening when the network was running without issues.

Check overall traffic volumes

If the user complaints are coming from a remote office, I would check traffic volumes on the link first. We covered this topic in a previous post which looks at ways to generate reports on WAN bandwidth utilization. If the complaints are coming from users on the local LAN, then I would focus on all network activity.

The first report I look at is the ratio of TCP to UDP traffic. On a normal network, TCP will account for over 80% of traffic. If UDP protocols are using your bandwidth, check the data from the previous day and see if it is something new. Excessive UDP traffic can be a sign of a DDoS attack or overuse of media streaming. Issues such as these can slow down a network.

Find out what are the top applications consuming bandwidth

Next up, I would check for the most active applications. For most networks, activity like file sharing, web or database activity ranks highest during business hours. If you see something like a backup running during the day or large data replications between servers, it can be the source of network slowdowns.

[Image: top protocols report]

Check for network broadcast issues

A broadcast storm can slow down a network within seconds. All it takes is for one rogue device to send out a few hundred megabytes of broadcast data and suddenly your LAN will be saturated with broadcast packets. A quick way to look for this activity is to filter on network packets which have ff:ff:ff:ff:ff:ff as a destination MAC address.

You should also take a look at multicast traffic. It is less problematic than broadcast traffic, but worth checking if you are trying to troubleshoot slow network problems. Use a filter to show traffic associated with the destination IP range

Watch out for excessive connection rates

Firewalls and layer 3 devices such as routers can struggle if connection rates increase significantly on a network. If clients start disconnecting from web sites or services hosted on the other side of routers, it is worth checking this metric.

[Image: top connection pairs on the network]
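As an added example (not LANGuardian's code and not from the original post), the Python below computes three of the checks described above from captured Ethernet frames: TCP versus UDP byte share, broadcast bytes per source MAC, and peak new TCP connections per second. The `frame()` helper, the MAC addresses and the `SAMPLE` packets are constructed for the demonstration, and only untagged IPv4 over Ethernet is handled.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6  # ff:ff:ff:ff:ff:ff destination MAC

def frame(src, dst, proto, payload=b"", flags=0, ip_src="10.0.0.5", ip_dst="10.0.0.9"):
    """Build a constructed Ethernet/IPv4 frame (checksums left at zero) for the demo."""
    if proto == 6:   # TCP header: ports, seq, ack, data offset, flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:            # UDP header: ports, length, csum
        l4 = struct.pack("!HHHH", 40000, 5353, 8 + len(payload), 0)
    body = l4 + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                     bytes(map(int, ip_src.split("."))), bytes(map(int, ip_dst.split("."))))
    return dst + src + b"\x08\x00" + ip + body

def summarize(packets):
    """packets: iterable of (timestamp_seconds, raw_ethernet_frame)."""
    by_proto, bcast_by_src, syn_per_sec = Counter(), Counter(), Counter()
    for ts, raw in packets:
        if len(raw) < 14:
            continue                                   # not a full Ethernet header
        dst, src = raw[0:6], raw[6:12]
        if dst == BROADCAST:
            bcast_by_src[src.hex(":")] += len(raw)     # who is sending the broadcasts
        if raw[12:14] != b"\x08\x00" or len(raw) < 34:
            continue                                   # only untagged IPv4 is parsed
        ihl, proto = (raw[14] & 0x0F) * 4, raw[23]
        if proto in (6, 17):
            by_proto["tcp" if proto == 6 else "udp"] += len(raw)
        if proto == 6 and len(raw) > 14 + ihl + 13:
            if raw[14 + ihl + 13] & 0x12 == 0x02:      # SYN set, ACK clear: new connection
                syn_per_sec[int(ts)] += 1
    total = sum(by_proto.values()) or 1                # share of TCP+UDP bytes only
    return {"tcp_pct": 100 * by_proto["tcp"] / total,
            "udp_pct": 100 * by_proto["udp"] / total,
            "broadcast_bytes_by_src": dict(bcast_by_src),
            "peak_new_conns_per_sec": max(syn_per_sec.values(), default=0)}

# Constructed sample traffic: bulk TCP data, a burst of SYNs, and UDP broadcasts.
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = ([(0.1 * i, frame(A, B, 6, b"x" * 946, flags=0x10)) for i in range(8)]
          + [(1.0 + 0.01 * i, frame(A, B, 6, flags=0x02)) for i in range(5)]
          + [(2.0, frame(B, BROADCAST, 17, b"y" * 958))] * 2)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run the same function over a capture from a slow period and one from a normal period, then compare the two results side by side.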


There are many ways to troubleshoot slow network problems, and I haven't covered them all in this post. However, I always use this approach, and in most cases I find the root cause of network problems by monitoring network traffic and comparing what happens during a network slowdown against times when the network is running normally.


